Glen wrote:
Now I'm changing all the passwords in the system. Then, I'll start looking at all the listening processes on the system. They can attack something that isn't listening.
Umm..., is the only reason you think you've suffered security compromise the fact that suddenly what you thought was your root password didn't work, and you weren't entirely sure whether you'd changed it? No other signs of break-in whatsoever? That sounds more than a little thin.
However, if you haven't looked at all the listening processes on the system, it's indeed about time. I'm curious about how you're doing that without trusting any of the tools on the suspect system.
(Yes, I am being mildly ironic. How to examine a running system for signs of compromise is a difficult problem.)
Rick Moen
rick@linuxmafia.com